Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-08-21 | CVE-2024-7976 | Unspecified vulnerability in Google Chrome Inappropriate implementation in FedCM in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. | 4.3 |
2024-08-21 | CVE-2024-7978 | Unspecified vulnerability in Google Chrome Insufficient policy enforcement in Data Transfer in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. | 4.3 |
2024-08-21 | CVE-2024-7981 | Unspecified vulnerability in Google Chrome Inappropriate implementation in Views in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. | 4.3 |
2024-08-21 | CVE-2024-8033 | Unspecified vulnerability in Google Chrome Inappropriate implementation in WebApp Installs in Google Chrome on Windows prior to 128.0.6613.84 allowed an attacker who convinced a user to install a malicious application to perform UI spoofing via a crafted HTML page. | 4.3 |
2024-08-21 | CVE-2024-8034 | Unspecified vulnerability in Google Chrome Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. | 4.3 |
2024-08-21 | CVE-2024-8035 | Unspecified vulnerability in Google Chrome Inappropriate implementation in Extensions in Google Chrome on Windows prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. | 4.3 |
2024-08-21 | CVE-2024-20488 | Cross-site Scripting vulnerability in Cisco Unified Communications Manager A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. | 6.1 |
2024-08-21 | CVE-2024-41572 | Cross-site Scripting vulnerability in Lang-Learn-Guy Learning With Texts 2.0.3 Learning with Texts (LWT) 2.0.3 is vulnerable to Cross Site Scripting (XSS). | 6.1 |
2024-08-21 | CVE-2024-41937 | Cross-site Scripting vulnerability in Apache Airflow Apache Airflow, versions before 2.10.0, have a vulnerability that allows the developer of a malicious provider to execute a cross-site scripting attack when clicking on a provider documentation link. | 6.1 |
2024-08-21 | CVE-2024-7602 | Path Traversal vulnerability in Logsign Unified Secops Platform 6.4.20 Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability. | 6.5 |